openssl_dh_compute_key

(PHP 5 >= 5.3.0, PHP 7, PHP 8)

openssl_dh_compute_key: Computes the shared secret for the public value of a remote DH key and a local DH key

Description

openssl_dh_compute_key(string $pub_key, resource $dh_key): string
Warning

This function is currently not documented; only its parameter list is available.

Parameters

pub_key

Public key

dh_key

DH key

Return Values

Returns the computed key on success or false on failure.
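
An added example, not part of the PHP manual or of the user notes on this page: both sides of one exchange, with the false return checked and the raw secret reduced to a 32-byte key with hash_hkdf(). The function names dh_new_params, dh_new_keypair and dh_derive_key and the 'example-session-v1' label are assumptions made for this illustration.

```php
<?php
// Added example. Function names and the 'example-session-v1' label are assumptions.

// Generate the group (p, g) once; this is slow. Both parties must use the same values.
function dh_new_params(int $bits = 2048): array
{
    $key = openssl_pkey_new([
        'private_key_bits' => $bits,
        'private_key_type' => OPENSSL_KEYTYPE_DH,
    ]);
    if ($key === false) {
        throw new RuntimeException('DH parameter generation failed: ' . openssl_error_string());
    }
    $dh = openssl_pkey_get_details($key)['dh'];
    return ['p' => $dh['p'], 'g' => $dh['g']];
}

// Create one party's key pair inside the shared group.
function dh_new_keypair(array $params): array
{
    $key = openssl_pkey_new(['dh' => $params, 'private_key_type' => OPENSSL_KEYTYPE_DH]);
    if ($key === false) {
        throw new RuntimeException('DH key generation failed: ' . openssl_error_string());
    }
    // pub_key is the raw binary value that openssl_dh_compute_key() expects from the peer.
    return ['private' => $key, 'public' => openssl_pkey_get_details($key)['dh']['pub_key']];
}

// Compute the raw shared secret, fail closed on error, and derive a fixed-length key.
function dh_derive_key(string $peerPublic, $myPrivate, string $info, int $length = 32): string
{
    $secret = openssl_dh_compute_key($peerPublic, $myPrivate);
    if ($secret === false) {
        throw new RuntimeException('DH computation failed: ' . openssl_error_string());
    }
    return hash_hkdf('sha256', $secret, $length, $info);
}

$params = dh_new_params();
$alice  = dh_new_keypair($params);
$bob    = dh_new_keypair($params);
$info   = 'example-session-v1';

$aliceKey = dh_derive_key($bob['public'], $alice['private'], $info);
$bobKey   = dh_derive_key($alice['public'], $bob['private'], $info);

var_dump(hash_equals($aliceKey, $bobKey)); // constant-time comparison of the two keys
var_dump(strlen($aliceKey));
```

The exchange authenticates neither side, so in a real protocol each public value has to arrive over an authenticated channel or be signed.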


User Contributed Notes 4 notes

up
1
k.s.swaminathan at live dot com
3 years ago
// Purpose: Provide a working example of Diffie-Hellman, entirely in php.

// This function generates a configuration for Diffie-Hellman keypair
// We start with an empty config and have openssl_pkey_new create
// a prime and a generator. This is a time consuming step.
function get_DH_params ($keylength=2048, $digest_alg="sha512")
{
    $pkey = openssl_pkey_new(["digest_alg" => $digest_alg,
                        "private_key_bits" => $keylength,
                        "private_key_type" => OPENSSL_KEYTYPE_DH]);
    $details = openssl_pkey_get_details($pkey);
    return [
            "digest_alg" => $digest_alg,
            "private_key_bits" => $keylength,
            "dh" => array('p' => $details['dh']['p'], 'g' => $details['dh']['g']),
            "private_key_type" => OPENSSL_KEYTYPE_DH,
        ];
}

// Now Alice and Bob can create their respective keypairs
function get_DH_keyPair ($DH_params)
{
    $pkey = openssl_pkey_new($DH_params);
    $privkey = openssl_pkey_get_private($pkey);
    $pubkey = openssl_pkey_get_details($pkey)['dh']['pub_key'];
    return (object) compact('pubkey','privkey');
}

// Now Alice and Bob can create a mutual secret
function get_DH_mutualsecret($peers_public, $my_private)
{
    return bin2hex(openssl_dh_compute_key($peers_public, $my_private));
}

// Usage
>>> $dh_params = get_DH_params();
=> [
     "digest_alg" => "sha512",
     "private_key_bits" => 2048,
     "dh" => [
       "p" => b"ó»¸'#ð\x18\x04Û_Ä\tõyÁZàx\x15\x14\x11ƒ┬l=Ü┤H\0",
       "g" => "\x02",
     ],
     "private_key_type" => 2,
   ]

// Alice & Bob generate their keys from the same dh_params.
// Binary values truncated.
>>> $alice = get_DH_keypair($dh_params);
=> {#3773
     +"pubkey": b"""EØüÔSðÔîË╚ùà5ÜLÜ$┘▄±ü6]",
     +"privkey": OpenSSLAsymmetricKey {#3771},
   }
>>> $bob = get_DH_keypair($dh_params);
=> {#3774
     +"pubkey": b"'ua¥ªo\ê\x11║OM©\vó╣ßÜWöíþ³e÷:\t9Ô\rB┌\x13",
     +"privkey": OpenSSLAsymmetricKey {#3765},
   }
>>> $alice_secret = get_DH_mutualsecret($bob->pubkey, $alice->privkey);
=> "5fbf9df2f13da103f106.  ....."
>>> $bob_secret = get_DH_mutualsecret($alice->pubkey, $bob->privkey);
=> "5fbf9df2f13da103f106.  ....."
>>> $bob_secret == $alice_secret;
=> true

// Now Alice and Bob have a shared secret which they can use as a symmetric key.
// The key will be 2048 bits long (same as the DH key length parameter).
// They can hash it to get a shorter key if they want.
// A third person, Charlie, can also create a key pair like Alice and Bob.
// And Charlie and Alice can create their own secret, as Alice and Bob did.
// And Charlie and Bob can create their own (separate) secret.
up
0
vangelier at hotmail dot com
4 years ago
A working example. After some study and reading I finally get how this method is working.

You need to follow the below 4 steps;
1. You create a public key which is known to 1:n parties.
2. Each party creates their own keypair.
2a. Each party shares their public key with the members.
3. Each user can re-create the shared secret by using his Private Key and the Public Key of the other parties.
4. Compare the secrets as a handshake

/* 1. Create the first, global known public key. */
/**
 * Get DH public/private keys
 * @return array
 */
public static function get_keypair()
{
    $keys = [];
    $config = [
        "digest_alg" => "sha512",
        "private_key_bits" => 2048,
        "private_key_type" => OPENSSL_KEYTYPE_DH,
    ];
    // Create the private and public key
    $res = openssl_pkey_new($config);
    $pubKey = openssl_pkey_get_details($res);
    $keys["public"] = $pubKey["key"];
    openssl_pkey_export($res, $privKey);
    $keys["private"] = $privKey;
    return $keys;
}

Now you share the Public Key with every member of the party.

/* 2. Each user creates a new Key Pair with the P,G from the global public key info */
$key = openssl_get_publickey(base64_decode($publicKey));
$info = openssl_pkey_get_details($key);
$params = $info["dh"];

Now you have the P,G from the public key. Use it;

/**
 * Create keypair from Prime and Generator for KeyExchange
 * @param $prime
 * @param $generator
 */
public static function create_keypair_from_pg($prime, $generator)
{
    $config = [
        "digest_alg" => "sha512",
        "private_key_bits" => 2048,
        "dh" => [
            "p" => $prime,
            "g" => $generator
        ],
        "private_key_type" => OPENSSL_KEYTYPE_DH,
    ];
    return openssl_pkey_new($config);
}

/* 3. Create a shared secret with your Private Key, and User 1:n's Public Key */
// A private key has to be loaded with openssl_get_privatekey();
// openssl_get_publickey() cannot read private key data.
$privateKey = openssl_get_privatekey(base64_decode($privateKeyData));

$secret1 = openssl_dh_compute_key($user1PublicKey, $privateKey);
if ($secret1 !== false) {
    return bin2hex($secret1);
} else {
    print_r(openssl_error_string());
}

$secret2 = openssl_dh_compute_key($user2PublicKey, $privateKey);
if ($secret2 !== false) {
    return bin2hex($secret2);
} else {
    print_r(openssl_error_string());
}

/* 4. Compare the secrets as a handshake method */
if (strcmp($secret1, $secret2) === 0) {
    return true;
}
return false;

Good luck, enjoy! Keep me posted about improvements and updates.
vangelier AT hotmail DOT com
up
0
vangelier at hotmail dot com
4 years ago
Is it possible for someone to post a working example? I have written many tests and examples, and I just can't seem to get 2 secrets that are alike with this method.

I am following this; https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl

With the console, it works great. With openssl_dh_compute_key it does not work.
up
-1
vangelier at hotmail dot com
4 years ago
After some challenges I decided to write C++ and PHP code samples, as it can be very tricky to get a grip on how the Diffie and Hellman algorithm works. The code samples are cross compatible.

Gist with PHP code and C++ code: https://gist.github.com/digitalhuman/2a2b85d61672e4bf83596d41351723ba

Enjoy!